From 119527afca36d8c886ab812237eb2f3bdd6487c4 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 13 Dec 2017 17:45:41 +0000 Subject: [PATCH 1/7] Add an Understanding TLS chapter --- .gitignore | 2 +- Makefile | 3 +- openssl-book.tex | 2 + tls/understand-tls/typicalhand.pdf | Bin 0 -> 12126 bytes tls/understand-tls/typicalhand.svg | 356 ++++++++++++++++++++++++++ tls/understand-tls/understand-tls.tex | 275 ++++++++++++++++++++ 6 files changed, 636 insertions(+), 2 deletions(-) create mode 100644 tls/understand-tls/typicalhand.pdf create mode 100644 tls/understand-tls/typicalhand.svg create mode 100644 tls/understand-tls/understand-tls.tex diff --git a/.gitignore b/.gitignore index cb63f1c..bd9eb47 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,8 @@ #PDF, aux and log files -*.pdf *.log *.aux #Top level auto-generated files openssl-book.out openssl-book.toc +openssl-book.pdf diff --git a/Makefile b/Makefile index e8f82d6..77dff8a 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,8 @@ EXE= BOOKELEMS= openssl-book.tex -all: openssl-book.pdf +all: openssl-book.pdf \ + tls/understand-tls/understand-tls.tex $(EXE): %: %.c $(CC) -o $@ $< $(CFLAGS) diff --git a/openssl-book.tex b/openssl-book.tex index c4554f3..04c809b 100644 --- a/openssl-book.tex +++ b/openssl-book.tex @@ -281,6 +281,8 @@ \chapter{Outline - to be deleted} \part{SSL/TLS/DTLS} +\include{tls/understand-tls/understand-tls} + \part{Cryptography} \end{document} 
diff --git a/tls/understand-tls/typicalhand.pdf b/tls/understand-tls/typicalhand.pdf new file mode 100644 index 0000000000000000000000000000000000000000..615c1a09c26b565aeeea00efffa237e66e32f5ef GIT binary patch literal 12126 zcmd6NbzD?k*R}-+f(T02ARr($LxV_nhjcl>07DH7Lo29s2#9n^HxklHcQ+zk(kWf? z&0yT#_x(KI`~BX(zBzEt*=xtyd+ojUZ(aLZbjsqAEFe}cEV|N-_orAK03ZNnWPv3h z0AQ1c*q9;A0h~yYDi#0$V3UMeAs}$%(+Z4$h(nBFCJ-z^K`eU&90In+a*l6SZ?_=> zVORHRE}Ih(OQdOBlXz(g4ZQa_ZHJ|;Uiv}V^>I5w#PO*h^wYRqsG2o#YI3&J>fxBeKj!k&&#Q1eUpd%h z3WyEDnPN)y$Cgp89?!A=B5-bzSS+R>qq}8on^X3}bc^w$UbjdM*ZhvyVU?3X!v12+ z`59JWn*01ddF|=yDk*xZ4O6CjmelZ~&JqS$LBfYOL)~ez2K2ohdUXPafvigCxSM!092cSqWjU4D zQs-0-2A^F>8Dl@!iH$0p9CNfeVN>{WHLFf#9iO8l+OkNADx;eTtCrRDy&z^v)2ayv z#ndvO^YC-C0QTA-e}_2Q045jHm2$kSaTUS~DeF8oS!){dFqzc%DY&xIsoM$b{aG8Y zw)BY}bx(f~(#J}O1AD~sQFf8|SP7ziR<-i3gdDA!jP}|LirBNq;`G}%SH^Ske1^nH z7)!QFSd~!CIzz^zY|?tn`CTcw%eOS>Ufv$UMU0F@5OT!6)+e4)O;1$&kQq}kGbFbV ztKH|$8YgfYV9gVQQ@&G0_JD{_r)-dW=4t|izvC-CaXy9!;I5u1)5eXxA1fUmIJG3v1Q!xv{SI}X?A!~??^M7K(-1I=)1MO?JPU1qhL$QEDk+pMUGN>8YAVPa{q8#~N$jE^R{ zrr+ZSOZwa264JG5?lp^R&6{=E*?Ku~4;Z9r!r$V!y4zE;6Y?zD}boeEFuL zRZ$-x5x=wDV9L-q+-*B*e{X?|=gQgE1q?H~R8 z@v%$kuYsx|y8s8<*xRB$Z0zz&ECWEm9WJ|s8jKjSlsLo@Y79}85=9mHsRmVuJyxd#J!cDJWG5gWJ)g2SyZHq*Pe}6IwX4C@`lVUIS~#H_|U!XwyxU&ii!&~ zrB&$)J-o*0`j+TagQK^=b{?l!zH)}RU3`3ZdOT6B?Y2=mVqkf0uy%TSe%lLQlv7pq z#gXZxQ0g)+B+mEFTsw`ILR{(cRjNuJ{=m>abkQtkhFJTHGr_<``~kFalh5&|ln;-_ z%ZN1QPHjX*4+we^-}GXgc!)_mQy=WJG~Lz}uB0008r{@!zPK(Yn`X~kMpmScnEs^A zaZ|nLE`C48IPQdyu?${;@}jXDM%iRO@_p+SY`F{uF}vawPJi-hSWIn$`Nl>a&jTcYUr%?*=R%q z`Wm%d1@FXoN+aMyy%x0;Lfp%X~Ep@iXBI*m>XZ24oz2;zqM@Qds%5v=TVM>8i zV6q7VMTd{8uVesaBqvw*m{^?DV!w-3qLV?I!^tzX8aq(QVSdU+f(SFiu5)vPoX)|R zVy)oeXqWcZx#(1AtGR4v<`DkVaSfY1r^1h!6oMm}y@{KT%{_AZ@9^t=FS0wYc^s#3 zObPH>qEVvGIuK$g*mp zRZ4q*#pj8$rzqJgPM>dQbpz?@AJ^7=t50U$q*__7^?q4g;-Q)v)9Kkg=<2EUIXw`2 z>CVVKUvqvwdpnsQOb;^m)Oo*>Lx7{{P)V^^<4L;1M#I$k*+Olk%q(8 zjI{JKX0)+hY}uZ>q;ketpBv}rKGH$ZhvUCw>XL3qaGWBzzVeyQX1kSDS2>?HzWc8D 
zUBw{LEx)7!S}%w5l`K%`d7RI4hpnyVk@Ay$7JW`jM=R&m%JU^bMI|@bLRLh`860XA zl?Yqscg@!IeGevI9RsYmhotEGC5u(kJhd(~50D*FvC)(>K8+EMdu-pqIq>`ob+2!< zjt%`D27zyV#c0uE?rJSVp_#gXPy?01Uh8;)i7FxjJ)oRlQanbgb;PznN@(17T42RY zSCV`*0nnRa2p~?<^5RUA;TkbPyq2C>%V#K`+M3-}kBf;Nhs5|DhpG6FUBP8MCrjKu zXe`vJVpVei&FPN!?C5wBPu`I?E*2YUG<0Y&x&>H6aw^{tse-a3{hdaPfDhvIkIyJe1FD`mQ@d(Zb9tPfYtlU6<`exTZ?ds~fOw#A7TP$4i|xvm*P`JC&t5>sfByIS2{+D#SmjWDtD z5!e3Q${>-Nn&n5wbg?YYs+AWvj5^*ELq6YK8IZmY-KO_$T?K1kd?CpgdW3DLz5X)m zC|jUo(P z^<2;TXgx}VTBz0zkLS;JzVv?qeJT1e)b8mnFaw#_6!Q9EGbG{F_N~hxvBOjBT7aQzPRow@wK9xOf zdBfs6WgC^ZI-JYRnB5#60c~_JZ+v)Pj;%K8iFVZB!>A5DQoPv%Y<$Sq&7^da4PJlg zV8?hO{HE=x4X~(@UZJG3o|~uXfY!0U0HZIMxiCtjQ#6Lf%&#Oa5K43-g_6_iqaK^w zSDNCJQw~m|!_RG89>o@bXf13symSh?J20Q@S64%$@&l6eRJ!fcoPtZc39Wm zXWxDJlt6w|J@teJjz1jzjmXYN%ES+03Vx3FdXcu~C+Q;ZM1k;R~lN<`Cb7+nW$LsaF+H;tVF36j(REfAagvN;GBQWS&YYOjg!c%M}K}zZ?W+vX)ru+ zmO-SEZ_tLXoU)6GtXs(SI}YiR&W%Hh$&&grZfo}1L3VYfKEi(A<2x zFoe12=%!j{K05Av7WehD&TGQ-t3(YsD|j;m29{ol*CxeNNYqN zIVb|k29*R4o*(FOh(4{fr5_Vx9c#R2`99J5otdGi+?;H@)Zk`}0@T-HAT@ zWyLp`nuUhgdZTKSN|zR{y3CM2S7+swQZvWuwXE)Q^+I1D<_`AmI4=2iI!eA9b!T8{ z%XoMHLVz2#8q|HbSlZfJF1gs^aW{r3airVS+@=M`@9y9$J2Cba9L(7=^W2Zjv?WuR z`;++BWN=1Ymy-RKZDz$wUu#U*Ot;JJXoo#t9wu`);t~XX&QRC$Mr_J<9%c|=G zgNpKfB;J*yxJ8>!EnMkLD<({z#(W_wv&z*ew;r#`vA)U}XSSZmYqv{Lu+cg8aW5e< z(kXJY8>_IswfCKn`})~&ZJW|pqJB`p!Ls`@k5hN742E)2{OxGI+>vm@gtIUOiDT_H z;o7%bPY#L`76{apiGx>~k9Qo(bm!!GNKM;t?Myov7wDEh4D8fJtHAUqChg9vn)V;o zT4rOn+{92;)KyVr#h36oqM=#!Z&YI&dST4<_y$hDk1iF3PYgC0f%Pgw>f?c`d*O;S zK5QeOq6ea5qeF~&6B3V}o4hs%O%AM4*FsQBekr*3?!L8kW`H61-0<1S3Q>1)szXT1 z@M3Q$&NtmpWTt(!@t>X@(?&W5@%o(g-um`#)2UvuN;CTG?W`V{eAjT779ICKd$&9z zHvjZcJLjTCv;v(;u?u{))G}acTuA-lr{e2Q_;;N0Xq&e->nOhCV{zT&*Lk#D^3nM& zJpLp<^sVi+j8ej)^^vM_g%T3A@v+`Cd&-s}=ScBv1yiSS;70p6J{@B;9Zztq8pBIkqc%@Y?bnc!#89UaXi`X!tg4-q zq$bXG@Cso*8W&^O=(-w;H;R7~+ZnRb&OP7=Ut!8`?c;Y^7ry0vzP`B?>$uRHM3WV8 z=tnXz4o$&cp-#DD?GIi!(7o7*zIfZ?_nMTL7ta%~?g;a7u#uw*tB2Dy`OP;GY5=iMxp32`*jP2aI+W-rSQ& 
z*2;~hf2gHfRH1Nse6iL_)J=O8j=x2d7HO3-UZnnFaKZ&2x13!DAUFEv5Bw z#rJP#l*d<(whd1=@>-9r4+1@vy}Q`^_fT_Yd1O_wznj@E`DtnP2wF0L8(MXJ4+M|2y3*4U+P%m8%^~cW0;MOphUm>bQ#9!d zklq?+&$Kil{CYw5^<=hBZixj2r3d=lrZwrhej^P(3*^JRs1wD4_-)QrYg;!0$+ zehhGcmx7%jr)-(%rq0FZ<+!pAR*E?l- zOEY0l_3=92LjaBzArtEY6rg{VKsuX`R6$XzPPYs z=E3%>m+O>ENd?k*q$RUXHT;!XAHFX(Mm|138)}sBf2m?qU?IC&-@9Fm+<-r4{<*lve~<}_N>%R-lezHgg%qqd?v_z zb=N~qrO`BmvpicJOnum_lZRVr+5%=|)Y@Y&(?FcV2{O^%B z4f$sZhHW3?y?^ZfvEsq31(#m7PloA{9LJe<1JU)FU9hcogNJFIS=0mn-ke!{cV{TR z-WjKYo|TW%;LKf2D!Gc#s~+F#sB&jNc?ng_9(K-5h#W~b_#PemcFwHF^v|uc^Ky_1 zIt!^j1I(UFAK_wd$vA5^Ji=GhY|MTOnhW=O3)*%>j}Ns)cvA;U*6SwsG0ZAp)<)Qh zH<01G)65oniQ$vdl84*Yy*McrS7D>xJ`uqS-9GugGPm!!?aDZPp_4KyG&zladVW?a zK1x43Y%$6-OMvNsZxC5XPh|kF+tl|rauQt6aR}7+S6=f;klyPt9i^U?z#ONuvTxMD zteu*>Q`_@`<+d|5mBsekSPN%^hQ%c-qYqw7R)s5HY>ODF5+|4Odwm)ui3C#X(J|L@ zH;k&iEFL|XP0O*+Dj%U9p=;E^5SYYP%I9N93@gllS83Vb843T^L4Q}`Dcj8Lw?UVNG=++c-yjBhFv%?NI}(q`%N(Hf}VppTy+)0U9q zKVcf3Q=gDLJJ*99eILxeDd0l9;0(rh@R!k_xs5ANPIUi)Y}?4J8UBN_A-V_BN7=XB z?}G(`gQ9>od2&IwUKaH`f=1Ac*MT|>Sr)|FI5f1_W{;b_i#)vz5KlU_Q4+NKx1UOEy3sO3a2+$sBONlx}1{M{*+Rne`c z#NEYrSbj(?BKqm>Txc&Z&(SyPG7_Uu@91ZKWn%YafwH0|9OBrXwpLzp%VD@+hHM~a zGA|=1`6qk^F^Pzi&Y@xGo zJ4Uc4IZNHG(OdY{ujC37h4qDL`>u2w?%Yr~ueE)1VSVlU2En;usWD5>zgY^@$@ou} zf{T}f?-xw~LLK=3;}9M67c=mmPSKI)^1nGl{V)ZXClK3b>zF{$(KjFjZ9w)Wbd{C- zAi3!Ligf&Ks24+@*v0u=#cCQwof7$JcP{UjY`4vc5|IN+!pV7bNBD!8D!o^d#5)3f zD&bEbR8MNG6fD&TGIJk(c4(}$cf?b;{zYm+uiVyq@~yVyvpZKptI<5caI?|p39gF! 
zL|Y!VlI0?-V}#ga42SGTpTUxCs=GBDb{=EzPe%_lcU<;wLUf3%WZ2L(h0L)%AElaq z`{dm+rjf*PaUk2wk~%yscIWl8pmY~XPjia|UY|CpMH;(iJv7t#>dYvlTZ@C~7N_`K7@}|Gm_3&{ftyguysc*Z_TWn#Ei7PPeZcJfT_#fr zLG4Uge!kC3;XLs?Y3+%0E*k3!bg=bIMfXuNY(#tcc-mTqlij=28m~K2(UeND6bjaG zXAeX7ouP;tLw%0?ihs}G<+S{qLJrQ~L=)&Qrs)^cgJO=vA@;^_s4W5pza(x@B1Nz@ zk_J*&QWjBCXA*~4fHfS{kgUw_d`Yl1)XD|G@FNR=%47VIX$3YzQa)zZdLs75DAtLOo%b?{>K`i2!p^~U zDG&qON<*M#=15`++03O#4FR#%K$2>|6VksDsNo>jCWIY;B7y!Sg-`_9ul4+cib9qB z(Sm~!;*tq_f~1{Ld6!aAussA-!i7rxd2w@~YW#U|@S##a?x;8J%Ykrl@*&&fM5a(JT)uH|0N8m@{37t@ zlN%}FMlR1EZE_;txRC3DgAcVbx%f~$K;2RQmnd^hLi#Dcfp$CZRMIA~k<>FoEwH@T>H%s7k4HJJX z1IL8;zBfAlLO*9%z*YaJg>?X2Xh68EGC7`%Xx8vG9Wvvz9ej38)Rr85Y zH9xQFY)rpTwC}B68V`X9jqpWr-VaD8y%v)$7nL^P$w=d0A_cLt?f>K*=*ya*bfdlm zHuZ|2z9rx}k4dfANGrtN3}bJ`Z%w@AX?Ah#yffsj(Uo{g<=aEDz|b0)ttK5aQ4n zKB^PeU5Hu+tZ;f{1-fmuJ>)DOG7!LJRwb_FlwoED!KL8Vk&~}&3`>D(`>#m4-_q4> zm|Zfoz>HEHu_-AbrsE;Aozr-rIHUx11+NVit8Uau3>0U_jG5F(zAh0Pr(s}F&|(fl zKff|OAaU z1yI4Bg{8WVDX519>M~_UxJC%-)55YG#~ysp+uImZ+(`Q{MyD4f7*NQ zD#={stb*_l;prH37d&3M`e)@T=^{B|fixo+e(O&^e~BI3R}}GCU5?c>PZwuRn~XFK z9FJvHNud}|r5I+_=2pF)&{SSXyk%J`S+$b~dbtX7x4EzeS&oCgo3 zxVxkD2{tmXhrhftd`nHUI&yY3)_D`yBip?{=6X(AN)vLT(pSM;{eVZsFRR@`1s(Ak zJtG!8`3Q99K#58Ad^oQp=;Z~vnu4W8bcW9clWN?fN122qlw3@CuHLh+G0CR(K3vGS za2wC0WlLnwdIWW!1~^#BB(`A%n2<@_Cp;eg#H!C}uI2JIMhjn&g+(r(V{JfcIL2NI z(zYKFupeVLIrW%-^ARSWX0{TxMC-Wbc;xq8xAVRH^MimLJRyMIBGnxQli)qnB|4cx4~M+j+z>AB5`xpAVrvd%06{tG1xUE#EoHPNz#rGj)E* zd06GO+PvL2iV*&G=T^_VLDTH+jm~lXlnuJp)x)|$Wm89`xG;8u0*9Q>ZnMt#!JuGv z_jc#kI}hiHf;5SR%*eqd?6)8F7mwxY5O*u&=fw0Qvb4BLQ?grl_lh+s9v(Q&g-$zv z3G@t#66LLPeuHQFscw|2Zuho8d2epwt*3^mavQrT{od7Kds8*t zhv14PglqGlTT*?!662>N=PIk0trSD;A?Uj%Z40FOENDPC&)&f}I>oX?^_(=oY= zL^C3i+FXm6H`y22uLY^LkhiR>F!;}m?=YA?d%J_vl9$5E#q=tLw@Y4DgX6jL3y|3T z-ZlyFeJoBjg1tHfPsUd#wLxMv>mz>S4ihy6uspY&ka3v#1JF16*oU=b4>CrF#qZu- zC+;OCY8buqjreedWVPldTo+`De-=~#+N^F(-*lKyjKAR!a*Ho@<6-M`%!_`)SX;G-vFGgtdu4U?OMhYc3OGjBpJp_M@RE!))Zk}(Nx!LE1Tb=7d3%xlY1n4N4l{k7_OJ)laU>#|M?;Tdd_N`JI8}RQjXA5jwg_&Q^p#^L{L<%@ 
z^H>hi=jyLWUFor#Kw5nc(i>J#2?+~u-6DGb>>IS>eb-#3O$sR^;k8+NZN?1I;oVzm zZ*1HCgBDSm`RUKIvvd4b;=d!e{_bG@_Bns}^J2`3xA&TcSHXlx$~Fq-{1Vf zKcl?@~^1R25y zxx_vw-%<%~0)eBvcm^30BxHdiTz+S%IoR4-L99_g<`Sj+j9L5pgaJUPDgA*6Gy%Fm zq{ol+QUToTd;op@KjPVbtp`+J{@X}V@*jBUe;VR1r~zR6)oT{%%NhTHyiCAI1clTY z3V(nuLDY{3zdu}alr{ftDt@llzxsy?Dg1#S<)9|0mM#bSJ66yEsTR;50|fm#gt!cQ zM1~zB(J6qz7z~BO03cQnCo4OE!5o3Gz40e}Bcc#4AyU<&vl z1A#brkgx^y1K9kO0fBt%Nc{5;84!h{{vqQ-*7}ExhmQ-n#r~}v2#GfT^$ie^>tA(2 zm)PuYb%8wWD4g|A84|VqQ^w8x?{eI{|0>7J3H;~SKtK*IR|mGci7AJ4zq195WvTgHVvbogBt0S6lzv@M=(32x{I?HmnMRA&}9mzwHoZ f_khdwc)7yu5nwpta;A}o4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + Client + Server + ClientHello + + ServerHello + Certificate + ServerHelloDone + + ClientKeyExchange + [ChangeCipherSpec] + Finished + + [ChangeCipherSpec] + Finished + + ApplicationData + ApplicationData + + + diff --git a/tls/understand-tls/understand-tls.tex b/tls/understand-tls/understand-tls.tex new file mode 100644 index 0000000..d359ba8 --- /dev/null +++ b/tls/understand-tls/understand-tls.tex 
@@ -0,0 +1,275 @@ +\chapter{Understanding SSL/TLS} +Let's start off with some basics and a bit of history. SSL is the ``Secure +Sockets Layer'' and was first developed by Netscape Communications. Later the +protocol was standardised by the IETF\footnote{The Internet Engineering Task +Force or IETF, is an organisation that publishes many of the standards relevant +to SSL/TLS. The standards are published in the form of documents known as RFCs. +The most significant of these from our perspective are RFC6101 (SSL3.0), +RFC2246 (TLS1.0), RFC4346 (TLS1.1) and RFC5246 (TLS1.2)} and was renamed to TLS +(Transport Layer Security). + +The purpose of SSL/TLS is to secure the communications between two parties. The +initiating party is known as the ``client'' and the responding party is known +as the ``server''. The term ``secure'' here covers authentication, +confidentiality and integrity. In other words an attacker should not be able +to: +\begin{itemize} +\item fool a party into believing that they are someone else; +\item eavesdrop and hence learn the content of messages being exchanged; or +\item modify those messages without being detected. +\end{itemize} + +There are limits to the security that is provided by the protocol; for example +there is no provision for preventing an attacker from learning that two parties +are engaging in communications and their associated IP addresses. Nor does it +prevent an attacker from learning the approximate size of messages transferred. + +There are multiple versions of SSL/TLS: +\begin{itemize} +\item SSL 1.0. This version was developed by Netscape but was never publicly +released due to fundamental security flaws. +\item SSL 2.0. This was the first publicly released version of the protocol. It +was first published in February 1995, but is no longer in common usage due to +significant security issues. OpenSSL 1.1.0 no longer supports this version. +\item SSL 3.0. 
This was the last version of the protocol developed by Netscape +and represented a significant change from version 2.0. All subsequent versions +were based on this version. It should no longer be used although there are +still some servers on the internet which only support this version. +\item TLS 1.0. The first version of the protocol published by the IETF. In +practice this is very similar to SSL 3.0, although one of the major differences +is the support for \emph{extensions}. +\item TLS 1.1. Published in 2006 this provided a number of security tweaks. +\item TLS 1.2. Published in 2008 this version provided some significant changes +including support for authenticated encryption ciphers. +\end{itemize} + +The protocol provides the capability for the two parties to negotiate between +them which version of the protocol will be used. For example if the client +supports all versions up to TLS 1.2, but the server only supports versions up +to TLS 1.0, then version negotiation will take place and agree on the highest +available version that both support (in this case TLS 1.0). + +\section{Establishing Identity} + +In order to authenticate a remote party there has to be a system in place for +reliably establishing and verifying the identify of that party. Most commonly +SSL/TLS only authenticates the server not the client, i.e. from a server's +perspective the identity of the client is unknown, but the client is able to +confirm that they are talking to the server that they think they are (and not a +malicious attacker pretending to be that server). Frequently higher level +application protocols may add the capability to authenticate clients, although +it is also possible to do it at the SSL/TLS layer if so desired. + +Identity is established through the use of a \emph{digital certificate}. The +digital certificate provides public data about a server for which it is issued. +For example, the certificate will contain the hostname(s) for which it is +valid. 
In order to obtain a certificate a server operator must first create a +private and a public key. The private key must remain secret. Loss of the +private key would be catastrophic to the security of the system. Anyone with +access to the private key can masquerade as the server. The public key is +mathematically related to the private key, although it is not possible to +derive the private key from it. The public key is published in the digital +certificate and it is safe for this to be available to everyone. + +Having obtained a private/public key pair a server operator must obtain their +certificate from a \emph{Certificate Authority} (CA)\footnote{CAs can be +privately run and purely internal to an organisation; or they could be public. +Which type is most appropriate will depend on what the certificte will be used +for. There are many public CAs available. A simple search in your search engine +of choice should turn up lots of links. Many, but not all, charge a fee for +issuing a certificate.}. The CA will, at a minimum, verify that the server +operator is in control of the domain name to be included in the certificate. +Dependant on the type of certificate ordered, other checks may also be +performed to verify the identity of the server operator. Finally the CA will +issue the certificate which itself will be digitally signed by the CA. + +Both the digital certificate, and the associated private key are installed on +the SSL/TLS server. When a client accesses the server, the server will send +its certificate back to the client. In order for authentication to be +successful the client must verify two things: +\begin{enumerate} +\item The certificate provided by the server is valid and issued by a CA that +the client trusts. +\item The server has the private key corresponding to the public key published +in the certificate. 
+\end{enumerate} + +Part of the role of the SSL/TLS protocol is to enable the client to perform the +above checks during the establishment of a connection. If either of these +checks fail then the connection will fail. + +As mentioned above it is also possible for the server to authenticate the +client as part of the SSL/TLS protocol. If this capability is used then it works +in a very similar way to that described above. The primary difference is that +the client will also have to create a private/public key pair and obtain a +digital certificate from a CA that the server trusts. + +\section{Ciphersuites} + +SSL/TLS itself does not mandate the use of any particular cryptographic +algorithms. Instead it provides a framework for combining different algorithms +together and enabling the client and server to negotiate between them which +combination of algorithms will be used to protect messages that are exchanged. +A group of algorithms combined in this way is known as a \emph{ciphersuite}. +There are many different ciphersuites that are available\footnote{At the time +of writing OpenSSL 1.1.0 supports 168 different ciphersuites}. Each +ciphersuite identifies a set of algorithms that it will use to satsify the +following cryptographic primitives: +\begin{itemize} +\item Authentication. What algorithm will be used to digitally sign various +aspects of the communication in order to establish and verify the identify of +the parties (either just the server, or both the server and the client). The +algorithm used here will be the same one used to generate the public/private +key pair associated with the digital certificate. Examples of common algorithms +include RSA, DSA and ECDSA. +\item Key Exchange. Typically a new encryption key will be generated for each +connection. Do not confuse this encryption key with the public/private key pair +associated with the digital certificate. 
The encryption key must be shared +between both ends of the communication and must be \emph{private} to prevent an +eavesdropper from being able to decrypt messages. Key exchange algorithms solve +the problem of how two parties will agree on a key without enabling an +eavedropper to work out what it is. Examples of algorithms that are used for +this purpose include RSA, DH and ECDH.\footnote{You will also very +frequently come across the so-called ``ephemeral'' variants of DH and ECDH +known as DHE and ECHDE respectively.} +\item Encryption. Having established a shared encryption key, the two +communicating parties can start to protect their communications from +eavesdroppers by encrypting the data that they exchange. Examples of common +encryption algorithms include AES, CAMELLIA and ChaCha20. +\item Integrity. The algorithm used to protect communications from being +tampered with by an attacker. Often the algorithm used here will be one known +as HMAC combined with a message digest algorithm such as SHA256 or SHA512. A +message digest is simply a secure ``hash'' function. They take arbitrary +length input data and output a fixed length ``hash'' value that exhibits +certain security properties (including that it is not possible to derive the +input data from the hash output). Alternatively, integrity could be provided by +a \emph{mode} of the underlying encryption cipher. Modes are a complex topic, +but in essence define the manner in which an encryption algorithm is used. +Examples of modes that provide integrity include GCM and CCM. +\end{itemize} + +To look at some example ciphersuites you can use the \lstinline!openssl ciphers! +command line tool: +\begin{verbatim} +$ openssl ciphers -v +\end{verbatim} + +The \lstinline!-v! argument here instructs OpenSSL to display verbose output. +Without any other arguments this will list information about the DEFAULT +ciphersuites (i.e. those ciphersuites that are available unless you configure +OpenSSL differently). 
+ +\begin{lstlisting}[float=tb,label=lst:ciphers-extract,caption=An +extract from \lstinline!openssl ciphers -v! output] +ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD +ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD +ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD +ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD +DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD +ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD +ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD +DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD +ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 +ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 +DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 +ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 +ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 +DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 +ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 +ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 +\end{lstlisting} + +An extract of the output from \lstinline!openssl ciphers -v! is given in +Listing \ref{lst:ciphers-extract}. The columns tell you the following +information: +\begin{itemize} +\item The ciphersuite name such as \lstinline!ECDHE-ECDSA-AES256-CCM8!. +\item The earliest protcol version that the ciphersuite is available from. Note +that ciphersuites are \emph{forward compatible}. Therefore if a ciphersuite is +marked as \lstinline!SSLv3! then it is compatible with all protocol versions +from SSL 3.0 right up to TLS 1.2. 
+\item The key exchange algorithm used by the ciphersuite (\lstinline!Kx! here +stands for ``Key Exchange''). +\item The algorithm being used to provide authentication (\lstinline!Au!). +\item The encryption (\lstinline!Enc!) algorithm. +\item The algorithm being used to provide integrity. This will either be a +message digest that is being used in conjunction with the HMAC algorithm, or it +will indicate that integrity is being provided by a mode of the encryption +cipher (\lstinline!AEAD!). +\end{itemize} + +\section{Records} + +Data is transferred between clients and servers using \emph{records}. Think of +a record as being like an envelope containing data. The envelope has some basic +information about its contents written on it, such as: +\begin{itemize} +\item The amount of data that is being transferred +\item The type of data that is being transferred +\end{itemize} + +The record will also apply any cryptographic operations to the data that may be +appropriate dependant on the current state of the connection. During initial +connection various parameters need to be agreed between the two parties to +determine exactly what cryptographic operations will be applied. One of these +parameters is the ciphersuite. The ciphersuite that is currently in use will +define the encryption that is to be applied to the data within the record. + +As well as the encrypted data the record will also contain a Message +Authentication Code (MAC). The MAC utilises the integrity algorithm and a +secret key, shared between the two parties, to calculate a code that is unique +to the data being sent. Any attempt by an attacker to modify the data will mean +that the MAC code will fail to verify when it is checked by the remote party +and the connection will be aborted. + +Optionally records can also compress the data that they transmit. This is done +prior to encryption. This is usually not done in practice due to security +concerns associated with this capability. 
+ +\section{The Handshake} + +The initial exchange of messages during which cryptographic parameters are +exchanged is known as the \emph{handshake}. While making the initial connection +no crypotgraphic parameters will have yet been agreed. Therefore there is no +encryption and no MAC on individual records. Record data is sent in +\emph{plaintext}. For this reason the protocol has been designed such that no +application data is sent until the connection has been established and +cryptographic parameters have been agreed. A MAC of the entire set of handshake +messages is calculated and verified at the last step of the handshake process. +In this way, even though inidividual records do not have integrity protection, +the handshake as a whole does. + +Handshake messages are transmitted between the client and server in rec-ords. A +single record may contain multiple handshake messages, or a single handshake +message may be spread across multiple records. A handshake is always initiated +by a client sending a ``ClientHello'' message to a server. A typical handshake +is shown in figure \ref{fig:typical-hand}. + +\begin{figure}[t] +\fbox{\includegraphics[width=0.9\textwidth]{tls/understand-tls/typicalhand.pdf}} +\caption{A typical SSL/TLS handshake.} +\label{fig:typical-hand} +\end{figure} + +The ClientHello contains: +\begin{itemize} +\item The highest protocol version supported by the client. +\item Some random data generated by the client. +\item The id of a pre-existing session that the client wishes to use (if any). +\item A list of the ciphersuites the client is willing to use. +\item A list of the compression methods the client is willing to use (if any). +\item A list of \emph{extensions} the client supports. +\end{itemize} + +There are quite a few different messages possible and not all messages will +always be sent. Some messages are optional and may depend on the ciphersuite +chosen; whether the client is required to provide a certificate; etc. 
The +handshake shown in figure \ref{fig:typical-hand} is an example of a full +handshake. Once a client has completed its first handshake with a server it can +usually reuse the cryptographic parameters negotiated so that it does not need +to go through a second or subsequent full handshake. Instead it performs an +\emph{abbreviated handshake} and reuses the previously negotiated parameters. +This is called \emph{session resumption}. A server may refuse to resume a +session (for example if the session on the server has expired), in which case a +full handshake will occur. From 8de31759b35114903a03eff649e9fc7691576d83 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sun, 21 Jan 2018 18:42:21 +0000 Subject: [PATCH 2/7] Make some updates for TLS 1.3 --- tls/understand-tls/understand-tls.tex | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tls/understand-tls/understand-tls.tex b/tls/understand-tls/understand-tls.tex index d359ba8..c35aecb 100644 --- a/tls/understand-tls/understand-tls.tex +++ b/tls/understand-tls/understand-tls.tex @@ -121,7 +121,7 @@ \section{Ciphersuites} the parties (either just the server, or both the server and the client). The algorithm used here will be the same one used to generate the public/private key pair associated with the digital certificate. Examples of common algorithms -include RSA, DSA and ECDSA. +include RSA and ECDSA. \item Key Exchange. Typically a new encryption key will be generated for each connection. Do not confuse this encryption key with the public/private key pair associated with the digital certificate. The encryption key must be shared 
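Review bot: The Key Exchange item in the Ciphersuites section lists RSA, DH and ECDH side by side without saying that they differ in forward secrecy, which is the property most readers need when choosing a ciphersuite. With RSA key exchange (and static DH/ECDH) anyone who later obtains the server's private key can decrypt previously recorded sessions, while the ephemeral variants mentioned in the footnote do not have that weakness. I would add a sentence to the item such as `Only the ephemeral variants provide \emph{forward secrecy}: a later compromise of the server's private key does not expose the keys of earlier connections.` The same footnote spells the variant `ECHDE`; it should read `ECDHE`.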
@@ -186,9 +186,11 @@ \section{Ciphersuites} \begin{itemize} \item The ciphersuite name such as \lstinline!ECDHE-ECDSA-AES256-CCM8!. \item The earliest protcol version that the ciphersuite is available from. Note -that ciphersuites are \emph{forward compatible}. Therefore if a ciphersuite is -marked as \lstinline!SSLv3! then it is compatible with all protocol versions -from SSL 3.0 right up to TLS 1.2. +that ciphersuites from SSL 3.0 up to TLS 1.1 are \emph{forward compatible} with +each other and TLS 1.2. Therefore if a ciphersuite is marked as +\lstinline!SSLv3! then it is compatible with all protocol versions from SSL 3.0 +right up to TLS 1.2. TLS 1.3 ciphersuites work differently and are not +compatible with earlier protocol versions. \item The key exchange algorithm used by the ciphersuite (\lstinline!Kx! here stands for ``Key Exchange''). \item The algorithm being used to provide authentication (\lstinline!Au!). @@ -252,13 +254,16 @@ \section{The Handshake} \label{fig:typical-hand} \end{figure} -The ClientHello contains: +A typical ClientHello contains: \begin{itemize} -\item The highest protocol version supported by the client. +\item The highest protocol version supported by the client or, for TLS 1.3, a +list of all the supported protocol versions. \item Some random data generated by the client. -\item The id of a pre-existing session that the client wishes to use (if any). +\item Session information about a pre-existing session that the client wishes to +use (if any). \item A list of the ciphersuites the client is willing to use. \item A list of the compression methods the client is willing to use (if any). +This will always be empty if TLS 1.3 is supported. \item A list of \emph{extensions} the client supports. \end{itemize} From b85d25997443dedb6f4dd2c7358b3b3a75ef66dd Mon Sep 17 00:00:00 2001 
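Review bot: The sentence added to the compression-methods item of the ClientHello list, `This will always be empty if TLS 1.3 is supported.`, is not quite accurate. The field is still present in a TLS 1.3 ClientHello and carries exactly one entry, the null method, meaning that no compression is offered. A reader inspecting a captured ClientHello would expect a zero-length list from the current wording. I would write `For TLS 1.3 this list contains only the null method, i.e. no compression is offered.` instead.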
From: Matt Caswell Date: Thu, 25 Jan 2018 15:18:46 +0000 Subject: [PATCH 3/7] Some tweaks based on review feedback from Paul Yang --- tls/understand-tls/understand-tls.tex | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tls/understand-tls/understand-tls.tex b/tls/understand-tls/understand-tls.tex index c35aecb..f170210 100644 --- a/tls/understand-tls/understand-tls.tex +++ b/tls/understand-tls/understand-tls.tex @@ -5,8 +5,8 @@ \chapter{Understanding SSL/TLS} Force or IETF, is an organisation that publishes many of the standards relevant to SSL/TLS. The standards are published in the form of documents known as RFCs. The most significant of these from our perspective are RFC6101 (SSL3.0), -RFC2246 (TLS1.0), RFC4346 (TLS1.1) and RFC5246 (TLS1.2)} and was renamed to TLS -(Transport Layer Security). +RFC2246 (TLS1.0), RFC4346 (TLS1.1), RFC5246 (TLS1.2) and RFCXXX (TLS1.3)} and +was renamed to TLS (Transport Layer Security). The purpose of SSL/TLS is to secure the communications between two parties. The initiating party is known as the ``client'' and the responding party is known 
@@ -83,19 +83,23 @@ \section{Establishing Identity} performed to verify the identity of the server operator. Finally the CA will issue the certificate which itself will be digitally signed by the CA. +Some cloud computing platforms provide the capability to generate a private key +and a CA issued certificate in a single operation as part of the cloud service. + Both the digital certificate, and the associated private key are installed on the SSL/TLS server. When a client accesses the server, the server will send its certificate back to the client. In order for authentication to be -successful the client must verify two things: +successful the client must verify three things: \begin{enumerate} \item The certificate provided by the server is valid and issued by a CA that the client trusts. +\item The domain name of the server matches the one given in the certificate. \item The server has the private key corresponding to the public key published in the certificate. \end{enumerate} Part of the role of the SSL/TLS protocol is to enable the client to perform the -above checks during the establishment of a connection. If either of these +above checks during the establishment of a connection. If any of these checks fail then the connection will fail. As mentioned above it is also possible for the server to authenticate the From 14275998ac74e5691705821560522a48d4313325 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 29 Jan 2018 10:29:08 +0000 Subject: [PATCH 4/7] Fix a Makefile bug --- Makefile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 77dff8a..2b114f3 100644 --- a/Makefile +++ b/Makefile 
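Review bot: The new second item of the enumerate, `The domain name of the server matches the one given in the certificate`, sits above the statement that the protocol enables the client to perform these checks while the connection is established, and together they can be read as saying the name check happens automatically. It does not: matching the name is something the application has to request, and in OpenSSL it is not done unless the application sets the expected host (for example with `SSL_set1_host`). Since this is an OpenSSL book, I would add after the list `Note that the name check is only performed if the application tells the library which name it expects; without it, any certificate issued by a trusted CA will be accepted.`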
@@ -9,11 +9,12 @@ CFLAGS= -I$(OSSLDIR)/include -L$(OSSLDIR)/lib -g -lcrypto -lssl #No exe's to build yet EXE= -BOOKELEMS= openssl-book.tex - -all: openssl-book.pdf \ +BOOKELEMS= openssl-book.tex \ + foundations/about/about.tex \ tls/understand-tls/understand-tls.tex +all: openssl-book.pdf + $(EXE): %: %.c $(CC) -o $@ $< $(CFLAGS) From 76bc15652cfecc9149c51c97a60d4eea87223c2d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 30 Jan 2018 12:16:03 +0000 Subject: [PATCH 5/7] Add some content on sessions and key updates --- tls/understand-tls/understand-tls.tex | 44 ++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/tls/understand-tls/understand-tls.tex b/tls/understand-tls/understand-tls.tex index f170210..6b7081f 100644 --- a/tls/understand-tls/understand-tls.tex +++ b/tls/understand-tls/understand-tls.tex @@ -41,6 +41,8 @@ \chapter{Understanding SSL/TLS} \item TLS 1.1. Published in 2006 this provided a number of security tweaks. \item TLS 1.2. Published in 2008 this version provided some significant changes including support for authenticated encryption ciphers. +\item TLS 1.3. Yet to be published. This version is a major rewrite of the +specification with very significant differences to earlier versions. \end{itemize} The protocol provides the capability for the two parties to negotiate between 
@@ -275,10 +277,38 @@ \section{The Handshake} always be sent. Some messages are optional and may depend on the ciphersuite chosen; whether the client is required to provide a certificate; etc. The handshake shown in figure \ref{fig:typical-hand} is an example of a full -handshake. Once a client has completed its first handshake with a server it can -usually reuse the cryptographic parameters negotiated so that it does not need -to go through a second or subsequent full handshake. Instead it performs an -\emph{abbreviated handshake} and reuses the previously negotiated parameters. -This is called \emph{session resumption}. A server may refuse to resume a -session (for example if the session on the server has expired), in which case a -full handshake will occur. +handshake. + +\section{Sessions and Resumption} + +Performing the initial handshake can be quite costly both in terms of time and +resources. In many cases a client will need to create multiple repeated +connections to a server over a period of time. For example, consider the case +where a web browser visits a web page secured by SSL/TLS. After some time the +user may click on a link to visit a different page on the same site which might +result in a new SSL/TLS connection being made. In order to reduce the cost of +such repeated connections SSL/TLS has a capability known as \emph{sessions}. A +session is a set of saved cryptographic parameters that were negotiated during +an earlier connection. + +Once a client has completed its first handshake with a server it will save +away its session data. On a subsequent connection the client will attempt to +perform an \emph{abbreviated handshake} that reuses the previously negotiated +parameters. This is called \emph{session resumption}. A server may refuse to +resume a session (for example if the session on the server has expired), in +which case a full handshake will occur. 
+ +\section{Key Updates and Renegotiation} + +If cryptographic keys are used to protect a large amount of data then it may +become necessary to replace them with newer keys. TLS 1.3 introduces a new +capability to update keys after a period of time without having to perform a new +handshake. Either peer can send to the other party a KeyUpdate message +indicating that they are updating their keys. This message can include a request +for a reciprocal update of the other parties keys too. + +In SSL/TLS versions before 1.3 there is no KeyUpdate message. An alternative is +to perform a \emph{renegotiation}. This is a new handshake on an already +existing connection. The new handshake can be full, or it could be abbreviated +using previously saved session information (such as from the original +handshake). A renegotiation handshake is not allowed in TLS 1.3. From 8d4eb9e262aee05ff6273a086ef0e9441535b518 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 31 Jan 2018 15:26:40 +0000 Subject: [PATCH 6/7] Add some text about renegotiation Mention previous security issues with reneg, and also its use to force client authentication. --- tls/understand-tls/understand-tls.tex | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tls/understand-tls/understand-tls.tex b/tls/understand-tls/understand-tls.tex index 6b7081f..7bba3d0 100644 --- a/tls/understand-tls/understand-tls.tex +++ b/tls/understand-tls/understand-tls.tex 
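Review bot: The new "Sessions and Resumption" text says the client `will save away its session data` without saying that this data is secret. A saved session holds the keying material from which a resumed connection derives its keys, so the chapter should state that it needs the same care as a private key and a bounded lifetime, for example `Because a saved session contains secret keying material, it must be stored securely and discarded once it expires.` In the "Key Updates and Renegotiation" paragraph, `the other parties keys` should read `the other party's keys`. That paragraph could also give the reason keys are replaced, namely that the safety margin of a cipher shrinks as more data is protected under one key.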
@@ -311,4 +311,10 @@ \section{Key Updates and Renegotiation} to perform a \emph{renegotiation}. This is a new handshake on an already existing connection. The new handshake can be full, or it could be abbreviated using previously saved session information (such as from the original -handshake). A renegotiation handshake is not allowed in TLS 1.3. +handshake). + +There have been historic security issues with renegotiation, and for that +reason, a renegotiation handshake is not allowed in TLS 1.3. Note that a +renegotiation handshake has another use besides updating keys. It can also +be used to force a client authentication. In TLS 1.3 this can be achieved by +sending a post-handshake CertificateRequest message. From ce37d014c8ba635f6c288d46369c665c1cff6275 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 1 Feb 2018 09:02:15 +0000 Subject: [PATCH 7/7] Add a time indicator to the handshake graphic Also, makes a few other tweaks based on feedback received. --- tls/understand-tls/typicalhand.pdf | Bin 12126 -> 12516 bytes tls/understand-tls/typicalhand.svg | 225 +++++++++++++++++--------- tls/understand-tls/understand-tls.tex | 13 +- 3 files changed, 154 insertions(+), 84 deletions(-) 
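Review bot: The closing sentence, `In TLS 1.3 this can be achieved by sending a post-handshake CertificateRequest message`, omits a precondition. A TLS 1.3 server may only send that message if the client indicated support for post-handshake authentication in its ClientHello, so the mechanism is not a drop-in replacement for renegotiation-driven client authentication. I would append `This is only possible if the client indicated support for post-handshake authentication in its ClientHello.` and change `force a client authentication` to `request client authentication`, since the client can still decline to present a certificate. The same sentence is carried unchanged into the last hunk of PATCH 7/7, so the addition applies there too; the section begins outside this hunk.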
diff --git a/tls/understand-tls/typicalhand.pdf b/tls/understand-tls/typicalhand.pdf index 615c1a09c26b565aeeea00efffa237e66e32f5ef..5730adb1870d68290dd336dccc829935a5daf9f6 100644 GIT binary patch delta 9707 zcmZ{Kb8scjw(d+gv7H_67!%vJZJQHwM-zKT6HaVTY}>YziEZ8AdH3C_`_8G?|EyJC zf9vb+s;*vLt9#R6-#A_#q%q<^z>V7RsCh*V{TIHx8Jh{0#5qM6#zm?kV<*_igC07u zy+7^X@+g6!VbLmcP71ZPP0d%lb4c@SXfXZ8ua&jBcyZm&aZ>@`qVAyYzWN-jDpRqG zWD6t!$MwjiOq^C%+9z028fMH4m~2*N4}l$#s7y{xz73++n@?DPeyl|^wiOGu6(>&r zpu`D^+Wdn&j1G~SRL(x^xMAWf*qQBXv#Gc^_jZG3w4wud_&r2m=drS-Rbo1QZ7@S{ zJpb5oBPD8CXtS;V&|+m@h&%i`8#lEOZCyM^R){>~XA4_Slik@O0;8FD&rl>hN6>^# z-^ICdgN9xKA=ugvq^&C^96~7WwD=+wISoOoHibK5`4hiP+x&N7cc-wOJN(6Y`Nng0 zg8VYLCe&)#JP0}AJ=a0gR=+V*_Xm9nv@PY7foHz_;~if$o*Q5F(5H&bJ5LDgvh%3~ z=iE_M>=(790*CHs{zHXxkH_+hq{HM7Vrkundb72aPz|P=rvM#;fMu=d=1-mU z;iTGREG#{UJLA%c&xi^H^)}IvR0PSg^xqjQJph9Pt;S8-t~ft@x6k%ZpK)hb){H9n za}V3uT(jYs#|mDoW9hEeG|U5nIPY&mL1^1IMb8O zaH4Cfbu9-QL>o-#4l@hBT?kI;M-Ie+Td1<;+2JZRI{&g2Nj-c=fms88&S3dCi``~z z<$UIKwNAPnRk&BNzd#`j3iRZD-i{r36$AzxQ;XjPg#gMrG@(-VF=-Az=L43u?XCTH zDMmKWXgr}{5-SL4ynRtw> z%Za`|lUO45F2jxt0Y$oeuJ-8VGBFSmKDp906bOidyF_!Vwh z4soHA1~C;^zSD0>v({*11t_QhjX*x;oCK=ULqZ>~8aW_rJMI10C2?#BTDv4gQjJ== zPlC8!jL}0UBM!re^76h@OcG(HJMvQE{9U9Jp$WiC?9>l0jFZ$8;vDMI98*>1VBmBb z8(b@zs*PNHeROCj38HL;H+L{|as6R#Z2vFM(ZmLxjf9EhUzUV~gqxKGoCw+fjh%&& zm4lmu8*B)*4r1qEgBK8h|Gz<=nde?UzUl)FpW_w3-g&0{ekh1+QeB38i3t3%V;no2 zkpcrJRbv%^8gB!a7XTwSpNQHM3J(|gEdk;Nom_>lCqRchT~RKX zPpV8(pbgyvl70vv_WXp$E~n4^ChwJ4ujPY66Q{AO_hIxkWjsgLYOy#(EY;X&;oU_u z1$6B;s$$n!BhW}}XdRdeeYeuK0i2E7L?KhRra z==ZBS*VA=R`(;!FOoJ=TbY%?wJE>^aaq@QJh(e7Ql4!n>DxPjdm0)H?GI||!`&-#^ z7H3%40OuOP#V-l}m}JGkBdM*PVMwRu9wf0A!|~Ygy~>=}U3^HAl_%^4W(Fw8ya6P& z{L7ScyC%^rMb~lT$(e9IFF&%UDT8D9{>xWdK&1TdU0J!w=CjX53e~~o0kqf6g^xfQ zSAs(^!ZBH^A4Hwhi0;#E&93++x*>T6-omhFtk}9p-D({qa?`hP2xaC-@EVl;sXxp<%#0~s@#)?q!V&VG2rX;HWxKrWX8GG2!xe&Z=vtgQTHtRcl4&n z58ATO!R=2OFaxi@8a8Jy#@d5YF}_Dong^Qg=6feMYCJut%$OBdKib|vou8WK`N`c{ zo59~U4-Sx&a<1ygDH_C$>ufAtb%LCcco(k!rhQ?BlSWfjNiuzJ~sPaDQ7^ 
zYrlLkh0_*Et)b|on0d)8O!39o{kxqZ&dU{6LVYVHet?w~c4ld)>-%H#ZRsZQUviH&<@qdqQ&kY(TK^Q$WtyA^JS{zt9(?N0C-{WB3oNGgemgHY{tz zBZ?mN@)Kk>_871G+$M#ZEPX+XwMIwY&ie9n9AZ7CAAm-FSVQ*I+8>{*gh?CkJIgE=W0=w7#0i z>RRg3Wm^~+Ou;pUM)&&liowbM5|DM{t==_tR8R68P7Vwqj+h!AeNu+GTSk?=;ZfeCU>)SkN66 z^pBJ9^}pCr>A@nweX&0}H{`HU~{0iQqLRx+? zQJo9Vx9x=)=r)e?dhuK$<=dWp775ws!*?qW!om3Iiy;LGMgUF9jfSXyRSg%B7fE79 z93~J!>n_4k>qiz;ICMkr=`fxoQdY26|;m`6vO4aqb(jw~&rpQNao)aFI4tXZ7XoIZJHzvr{n?1fhD@+FN-|77(nYiQM?E{-JD3Icv&Kd z#59u_1bC=dHg0DW3Ph}!SSI~WS%at!O>)(&uC)0&*C5hYrNH1&655_WMzlS0JoiMe zb3T`D6rEI)9`@!GfL~{3ng+xM{2@p7pOEUoaG_o9QC?T`R;|l zuR87|G=g=RNpx5?KQ(eSaj_bI`25W8)!r#{(o8$Z4jq1w!f+!ksO9HLPcbD`R>`{` zOR?vv`RB;r3xp(CE0r{`{VZ=+kZ*Q9m@lQv>GZj&ue{M;p{yq3Iv|DdI=({vlp@y? z#wVBdCrMYEX;{}j(6VLw)lNfZ#Z43!EO!?xIyAR>dp5&PLfwbqftyJyNh|posvK>$3OeBioCmH4K6XRu zn(LleK-wbadgi``T`ajj(;VkKySaxE9iR4HwbF@mNEitK~$?jG&&k z!v!Jj|;Eo_A)Qqs6o}60+F@Q4`k-IP3J4U~u?;$PyTr1Lv5`b4kVLVkq|B2TTi*6lh5f z3S&VHRoNRA_Szzv68DRjwkFg;q{T||L|wTHLyX!o3f z1ovEnQwrm3gRxx+Zl1i+-oW`PVq-jmC0##;U1iAvNA1xcy7A%wMpp`aGIisC+=pP- zgwi|Bu$x?ylEiY0HOJsD#8eP6LLj8&BVlGkAa)s@*e^do1%{xe&4SJ=wx@xY0Y5~S z%2uGqJSY%lL2-xmqx6aMK=w(-w-Pa}K51M#l1T`|HC;%Qx+dnP$|^k3&=sk%=67i2 z-}Gg#UmaU+vT<7k43?o+%i>GW4w~#m8U5yI9KoombFOHqeSdhv)wuzo6QG(5jtu5O z6ry<1$jk6I(mmGxk_~%a~K`4$!2A<<{={?yB{g z_15M3r48E_=l5S5hY)utz0$1KjQCapg(>Am1jP;kvda_aG4!K(VuS&kdE?UB>j@-~O z`pPLyMuu*iw3CkqH zxN_8@B)u#ny(pGhO`#>!KkHr~m!R>nG^+fniYCV4bO@0q_6K;Ensk7BDW98@;P5f| zFo*w>73N3+^AWFf(8@oGIe4pdl0_!w;0~=*&u`i@QqX~K4AgWxaWXduW6HTPW_Z{( zZ-|d15&c!~+eVFepyJaVwJuCSBxXm~#3ioqtx+0o9`eGi-Ab%9lR@+x)fz-B8J&oc zxD(ZhDB4M%T*t7+w$`qeG#%m8jQojztE#knKu3Ty80n3Hf1Lf`9&x(hzoAVKi58oe>7JLl4h&t# z50AAWQ*Z=N2Tk7J;j#^-6Rm}O8#h~i(mIX);Z0V#81JgXWTZ>RO1+q%!*N4S2H5}1fq3`N#^J07-JEqfA zFg@-G2M>QHqJFM?$)bxk{jk+G8AeU8wvaZSA7~UPVs7fSqoqk@NT{ze z)ND6=FV)y-=x7FqH0Oh(1B!7xo@A-#QUBud|DN01Wf*o|aR|*UP-SW>kH&Ik@3hRF z0QLLn_tEpD8XrR&>Y-0w=+NkgX#a1pvRye(G}51$Pe|gX0dA^~<5i`&T96o9D-hIEcXl7VEs$EQX}kaNi0 
z!Pk0a6ng#vyEa9|CEj3H)(|#Vh?A4%<>{HQ=;lgA>A1VU)FEUIn^y@xJNZNAItjnv z1p<1u!!LK)h~|~JdM`d&?G;D#cv5UU^T4fAKDian6T*2HSkaC5>29#($%pj`LDK%fHa!M!>oT_9VLf@gl5|}8~ zhJVRjwPxm&v0u;&MeR%1hDrc4o7NQd)g0p~5&pOuA)-AdxjT}tiCXpTgDPgvRP>h~AltSJZ65=! zHnJTfNy^IjIBop7jX?K1yqhYrUY_K5teG$ANzao_#fp6Ael$|++L@~aq?d&onI8eYVb9* zmC|%w??^s~PLv(wfb3fGaT;|l!tK|t*9p21{g`yP9I;6G!(sYgKrFUYneqcX$n4+3 z!D{giJXw>4bjSI3*6u<2cf~LD@8oZ==;&>2m5xOPft$in&c1G!p183`e!L$!hM14d zQccs9t^}J%9glGBTZNY&sjQ#HnyywjR2B;F;rA0Ot$JHNlHzS0&o{;qfBgmn00(H| zT#Fh7Uvdp3Od^CnL4epP{KG}~MIP)pbC=K0mk)6l>G;gSSBAPcyTZ0w^~ep`+TuU} zneDLX@+}9yyzR2k*_!<72<(#uJ2%oRS1x$O=!{}N$Y>vi0T|{S!*^2X6)qp5co6ms z;2W;KsyD+m9Gto_>5MjsC%1^)(7M?M913^gD+b-6YfHp}dM%l7)1S32fT`Q`XXH8C zjEm3NlnrK7G?F^)u5hJB2WQA<+%%Jk44&V6uIoz*iAmffk1_W7ykNL8q#9>#hnK8x zpuHgAwV_Fw(vr#Eshlh8xj+cogArVcNMzcS52W|aOYPH+^oW>8q8_|D+T1ii-sIoA z>R=}vS(7%<@!B8x6)F5-*eg>lc+hWKPxP%ms>D?yI3ecJfrch6mn4-)Jn_GbO&XST zp3EDP0(%1|e0r~dDDw4NrZz}!T8arR4QhvdYoI}n4MIX zB$a-!_{WcULNdtQ?D<_8QvYP*U4+b*WKam-(rhtk8E2n9ngXvN$xu`~ep#6T4b z?S>5U?Ls1jrL=&V$v)+CBQGQnvUBOKO&vr|W97EFQ~v0 ze8(UICKD1kQj#{_CyzSjccP_|Dd~3X*&P%{x%ay2kDIvWsQ$W-Y`k2_j;~_RnWyensO+p*1(h{mMEh4Wm+V&WFETZ{gAd8%*G`k$7q!%k*jE!F;NF?P( zgUTA0;x`-y<4i=jtWn<{C|qO@2MOymMHYf!^-cc7r%mz13=)b zm2Xe3hhuD<^O`H2fbAo0o)F7?N@qQR3Xzh2T6EXv!d zP4gAcn?Y~b(@R+S&RYxI?wbu4=U0%xlm4G4q29~9olmK!%8*BjH;LXAZ!Q-eh0Fve z9^}ojKvi^w3g&?bTu&-O9bh}d&Jy}&;#E-yCy+4JNlv6bWQl^1J-3uroK5;$=R@l^ z8PD@!!t2%3D;)~Kn{rHNGlky-u~1LdD%&+7nx{MQA(}uo8Bgur9(2zUI9Sj_aX2JJ z4Jb$QOfk@pXgNyk@;rba-5{w(x0ey+Ea_?tpm04#xV#gBBlG*Kp>;{vIeH_%BhDI- z&oQiWN<6ZX;%Xhc$&(Siv3W-uGCQHBWs{Ucw!}jSpiovGCQp!MqRM0E+B*lhibAT6 zGL%|Y;+3@X1aPR`tmYJluY$Oh2(|?k1B-zbhMZCrsWlF$d=Yj6UIgGxSm6};93rWJd=9;)=(H4SQr}z!TfG}R)p}1BYRaHS5&ZJ_potQ$ zYC@6~w2Z?JVEBMLJ;+*%Ur}7UXOXGFHDbMr6zi#91QTkO3CXb)!$3Y1^g2igwaT={ zfg$K{w-n=GCJ!h~kM0fkH1ZurxOxiA2^KMB*m0Ka$tx*mOXTq+CPsf7a<9X1#c?-C`yFV#E%v!czBa2`NUfQVlbCG3D((icED ze3nDTBKsQ@DtV_Eh=@{9To``0M#2ECqH0IB08PUol@bpm1QVR)j%ETms6M!>-Ge+lo3X%+pXiqoo?!ech 
z*iPE62}1~j;_b9Yfz5#GLu!RWGModJ7%0gE?2$+!U44BB68pY`ZAYTSi3-OiCA-Kc z&iZNCJp9S=74Gu@>-BP{AU*($O9+7CVB%)3=O%>w3K}JEiq-(32(#TVryP1A=9Rkb z;*t^nitER65sx0n)gI|*4lgpvigZ;Qc}{G$s3ISO%yAS19H<3Id2MY-^CpRkzGs{1Z9>%m{kpHqPM6UnCQ6)Zw;9v#|kVrss zbFzVdk`#hGI(;k>C$=#=`0*>D;NLkW0TV_JHx1*eC1)gGzk_jdeV<7Qzao> zaYR@@LvT-%HYF?{oG+cd@G=>q1w1ex5^4umP8UK_Gj;QhOJ-T>1g{Ks=tAW#m2x`h zN(HP%RooI23jUZ(Bva1J=~-+4((aRtp4kP>In-0y>R9-uXD^L69xDC)nVKP5sMuv)rsBvg#eP>K6>D9& zsw3Mv{4lF-gEPiH9|@E7hi?> zPj|=BAyz%jQY*Vr{Vsb>F2-lFC2+Mg_)HZu<~U2(u2o9md^YN?x)ex+-SMs9bV%A`sW z1<7+4jh_8(R}8JI3P1<3);xX~*)0cDxw3I-R!|;$;gzf*vk$RqYG3DVXN^uVTidb9 zd|u~9zM#t687%H8Sw1s&cXSt_=1~qwoy)VciG5uQ^9M`C$4oy)uyTn4)o| z*N;pkp`Xv}7Y!El-;xS*4N)8X`~{;*GyEA!)eHv3DO8Ygjk@%L*uij~S6w-%0Ma#n z7OjBC_@ruyM@1iF3h?4p+M=NA*dk#+T=*4px>~AwL=+Qf^G7=wIZ7f}H9CGEb06i| z0<-9?jGEo=3eqR8&=U{L?#;7QR$~G)_t%5mBiq5twaXrX>(}te(o~2gS5#-xr=`|@ z2#lKCey4lf`mo@k1|Q}$32nYs%LI&lOwGx43e@w7e2R_XlDx!nFaaf~^J>={bt&^H z^BQlDm{P!P7fe!>{?zQA`I6>L5#9ys%pKkJ^ICJTaOQ~`mY7B0YIpaiuN!kXf{7<7 z@nu(P?k37!2V$n>+fV1oC_$gAVv$#(N3kOsQ_?LFU2lc-5>1rf)&l zw0lR<`O(;eXgKMb8D+m_=9lx*abv=w)J+la%kTTD(@vafs}aKdUg#*1nGKM4N%klt z!mr8p0*JqJUBCIO@?Q>pz%;Eo=Jmw*CEj&1Wt+Z5*QQ>pay~GD+%JEWZ5W*W*roEH zkCOI7onmnpz$kZT$&MI^J&&*nBVKF5v+*Ho#9PJ>F2>UhLT>np=4w>WWsht!CsDjQ zPfU>Y6lr%rTEuj>NF6RJp`&UDj$c|9nR!Utw9{V-l`2Ms~@MPUMh*JuKtuuoD6+k zHrtPaONTp_rG*_;$n2R`3yh9r!VasYj{X__WAG90R`r^HkWVunA|DtHYpOi{#IdIvo!5)2jwxY`NF*hthT`cA65JDr@HIq+-%Y5-qwT`6 z@Ma>f4omMza~R^pn=8V%!8a`nq=_EM`!)VgIxA@>N=rIZ0wc<~8bR!Bk_^Hoj5QA> zR$ai67ent+_6|NA4xHZ9=*6+=0an=oSsWn#9A)6B7PT&qS+ZIS}U=0qVh2sBH z=b>-IHzpYa#qRhe90z!$>3iYzo#Cb%Yl;GfYfPoQ|KOXD@Z$$};Id7t1;62Pbyvcq z<8DiQ^2#rO2rt;2!>lzu`g{KDxl7>hHF6cmWR*G;Jk5NM?o<&m6ifvCB?p}KNx|oP zAfrPAS-hWTRCyM_2_y<|5#g4excs;d%ucL&D&=&Nuo76iZ%!g%Qya(N>cN!_mt9|57mxc!pN_e|Xe%8~@`X(Dy?yGl8e+IsV%Kz(58w98L~q z5~hDO5(g6a|Kl(*GqG`ia~Ocw%uFo*{BrnzJGofF*Nhk-4yOMMW9Ix1HZ$8l!vChg z$j@xS#5|FtG&W-gZh4gNRA%?^h7E|0*%#Ka9xK_RXv0smkBPfRKR delta 9307 
zcmZ{GWl$Vk5^YFuXK;6S9|-QQ!QI_$fWYAH?!lel9^Bns2MDggExg^W+N$^Vt9Sq0 zQ>Ra#?*7$%V6ttPpa|9&b0lO(?wZj$w#LPiEY|!i8E9z}jU`xo!#vt2L(}qQ!v)9v z`Bli~*M>`ix&vNOL51|GV3JRD%=k`OApa>LH|S@aFScqu#6(gW&?1`%?I7mfSG8Tt z-%+KAg0|FI#ZSAh%ISCVaLE{z6@#+PSQLpYtJbwq>9!{DZVS$95LcAdyK-=@YzeTu zqVLq767A;RzY%}z@G{K3Kg@i8L#!+I-@hm7c|AQPfGu)lEb}jyUOLo0f+MWWZA@I8 zDwZ>(of+p-1Sw#dVe5~>A`}mwsu@(H_TVrg3Pn6>i!`%uQ?dK|wPRLW61w+ycs^@G z-559Uhd`^(eg-e#(Lft{Kbwvl4w*O6YW4AK!g;-!2yUSyX5?4`t|Sr_398|uHW&=1 zG_=|6o2YpPfu)`Y88~uW%B)3ust*g_Kcvl&{dBX^>$cWC9bZ@#*PzOKRnGyOO&NCe z%A}=JjEFrfmOq6M3I|WkIf=KA$tE6Gh6Iq$7Wl^{V8HVT+>D=EG0HboaXzFSs#)b6 zD2b9}i+&cO$;lL5=bq1%Uj$tl;C`LjX%sd<%*{3dXYr9t;)mG_!K|p+hqhZhotm%C zI4+2~ab%&)IfB}AxOrDBvL(%=MkMW64N7VDu6y zzR90q4ka0Q>&%5JhuiYV*W+}WZ-pOH1mT>+G?&d7k`~}Dc zOh$zsL}24!VFU8=0XdS_p*O)CTx^I!LWpket`;T^h@hMc9bbJ7jcy~m_vLk~A6+wc zq|;E|q$1D~p(@|L=Y1EpBvRn2uUEkstH5Yp6#HTaEsG>C%E{@vh&44ji5jJ(bU@kM zQKC2vG%GQ%gC$*9MKW;#zkd4774Q4e`Q!C@vrEVKqIucS?%nY0_4OT$8UhgGQj-gK zvfL6bI!3d|4oBY`qYP2ZZa#)0ZRh2WPMC!iD`%q1a{G7_iarF)!)%zZPnox-+hc_Bk zM>UNUHl=xj8LllUeXFc#u99#(7b(*m46R<-39$(KX9Z0?q8`-fyb7GNhfun{KM~|`ses}P`j2twNVn<0tbJ^c~pk?Ltf`^ z_UA+a+W0NM891}y*`pI8U6~)Gu}o^N(4=VeBnQlYJsR>0M(bpA!nYoAzDXl;6a|&kWYx+l3l()(7Pkr*+<61d z9`21SE9Qo%2aA|(L$?Z%fTOKyRRN=nvni*}QF##iO@fTt!Ij*vMcvY$SlhYZ7B`Oj zSne+a96Y`ir&k!J##lKXjnYxwOQ{z@rft*Ls8=+8Iq8Fk;@rXGv&V(US;voswbIcA z=5)m4VLstfQ6y-j zLXWGHI#=&v+X*Aqaua2X0OJi!$7-*-&N5=5<+7Q)OF?UJh7b+GQwlS*t9Esu8M!|q^$8&)tSL}PFJKD`@+uKjFDaJ?sHkA9t3R?E4-~eIkq(_94@kuS1Q8H5r zacqL;766x#%AUDS_O>=1A?uUlwky{qy9Lg~+$v)Gw2IAbL|WI)MdPtMX9}YIk0YhU zC2veH>odr5)0hPEX5}jb`+J?#7O+b>Yh`)_7m}Q>?%comEFl%XEnOX;*MT2@mHw(4 z=K0n%wb}H^qx>d}7WT^y^Ygg68d`3Bxn~9&aM^j3?lb!g-7wSb6h__Q3JJeZ6$t|inYRQ|uW{PABx{Y(q`>m1BglFhF z(%!*ghxfIu)(i49UJDc^WdEgNYug1+ z<||}ivxU+vl1bnX2fRtqea6Gi(bl&bUa{d*KXZWse{9}(fK)6snbV7Z|E+ERruE6h@{#lp+N06nian?xYAi z9eOkK)xBCOsz}kI55Pq=O3(_vku*nj4UV}g){CSZJC&%0Y)lrd02asd<)6Sw-Mkx0 z!RXjl8En{AR5_sR_mhiOz5N{=D?Q%&x5ICq)!bE>wImXLXH+pUx8Zd6j%rRwZCYOS 
z9l4l&7sPAS@X8mn2OU|L%6J5Z3Q?&5`AA(;<~g}LQ@zNpLDfAbmsGr=%dG1&2<*Dp ztm%dW7yW=lVF>7U4Cm)YR~6Xy;&RKbR=xF?&wK430`A@Z-n`B<6@MQ;GVVyNY~N*!P|LuG zyuE{S9$SZ?ou+|CZB`FeomOtx3rN-`0BJwhiYM{oer-n(-s0)f@CVEIs#*NO$!q`0 zeZP0IfUB-<*XdazULM?W5&&&F{u9q)1@mNHhQj8WHgx3FL=$cezjW~{vXRbtVEGF) z73-u_e|~giVtu}kl&83N9{)m$Ne~u8_04=N4%H)_X?LQ9d1l7P#NF{-#@(vBk&nL5 z+bk8hNqCs_?D2X3?FPIyx5mC!zt(-;cK&o;Tv&`f_nZB9{qOESZP+(~HTVNOb;S)=>J1ibfHomfOMy#hz z?z&ipvz{9YU1h$A7+VjFZ_(;GsXgqy{CekWL{om<@L2B52OWa@-CouF=R1D27!M~h zhi^NlSD!9b@z7TcrKH*ncvufGP{_0Pq<_;%UtmZd*C)V$JRk!seqZL7;9meEW#T+@ zZ~=qY+ZQHcruubKAbsCp%X#hRNCEnA6Q;U!%?YtgW~+#%>}VTY=t2@M`%ZmU`QMZc zFRz?jxQ{EN++c8nEm?*(G7Lruu?xCWSVa(2LV8V9zP{>|TS@lOsX~!SQgEOMt^O_J zMZPIcTtI^sO!53jQ@HAMwJn`I&X}$6veuodbfcBeq|vf_%q?=k;x3e=Ycl*?&V}bU)NI&Z3^Kp(aRU zPqt)U&1M6BhJHrpVZbh}b(eYKYFB*X=o;oj|4ru^wi|ngUa)kAcHxK;c^1eRTO^9L zs^D!$B{5p7=bNpq(udO;XVX5q?a)=Tb%m0q9t1isu6i3_W@scBtibP(idZlKMlLw6 zo)1JF4Y!!SRC{J&1lMk^W*)ofEmH;NpXo1&LpWBp+%g2@_YO1!E(#)?ek1y}= z-_dV4b@-KW-_QF6=^2_F0g z@0N^0g%$hWf!Q}c!Ex$83i6#;Gxj~UMk93;Pj3lr^FMNUzxZ&^vZ)&0Uxceb75a${V zp%We8TX5uSC7C28oD%l=i$ZXu3;k%j)ztUK#NX(eia>mGA2Bnk`RG z9_rcTVw&O>-XHWi#f;mXY1hSB)(5cce&#v+urd;pKcAWRNHcJ+Dw+QK^F63*Dld$` zr2(38NO+NTCcP)W`RD-3dzZ*hg9QwfR<}l+vFn=k34uMp`~QTb{DCb{s~Dz+4D&5$702L4dSaS9LN`HEko@ zZvj5bqAdFy6+|36LL{1FH8&l1MzJ`Ze+Bxp9^Yk667^BfWa%hrzWn`lSpwd&>-aLi zprkO1AKJc(R)1-1>qBkXwrOdcxklJxU!~jXu+dTJ07ai|b)E-wxh1Z>m{{+;%S}u3 zO1qpwtm_+@`629o{`TB6s{9*wj=lEb*#DTVNqHJMpw7A&V8$&7jWQReM@k%)iA;#?a7tGsINyPlqC^?S zy8J6+J|in5-VB(V_vB|DYnV_F-L0YRPA;`pi}i!T!J#b5$mHGV`wRF4cdDVtBffCy za3%rekKQjr%h{fsU*Dgp(mZ2;VQ(`?e|}tg^(l2|WxORr^i7Cvjc%!6(I_~k6zGxp zcNWLE4mC3rsm&X_T~C|sqK-C%H5h(1eDMOHdsR~nU0wDP{{5NDO>8*BP z80CET6KxwA5d|5b5Y)s?&un2mE=W&JUqWxEW~=tI%v}_i@v%RsEc-MvSj$QRtIcgP z(i9byc^1aw_^@vnWp(xEYW@1=E6nTDtl-!fAK$<3{;n!=@1VguD>lA=2dFLGR-t<0E-GB9;ITh!Kp@`-A`%j5GDrMVbBPW{d|Vj~)6O z&!XZuk=fw#mU*0Oq5rKz)GxQ1WDiC(JF%y<;QZ{$e#-&n;BbA9l(ww_q zw|tx}ZohylN3lR%r^Nx4*w`D}!9MJA2#9YPurv`6x}0)R3IHbu$D$Q>a< 
zVm~aU*Sw8*jXInHoV@hE>t#Q`l2#OW%?c11EwhsZ?d$Bsf1E|{ksO^!bwoN2cb4u8 zMLoLsyzNZC{V+`IGa$-h3t8Y_$ef~Hb!JVRlas^yb7N^-4Zq#c8Y~9wEg{y2jWPW$Cpkr~Uz9DfL%Ql50rCqGTrF zk58#H^@MvM!Ymt;`gH_(vT2$}OX&D=$L^YD|7m(SVd{?Qk4MsXMUr45O)>a8OBk6C zcKtK1=^YsySBh!1SedjaKN-PGZqBEeu)IC6{dIR-S#`!iLXDirjW)m;SKV~uB)dsg zN8WZ6?%FK_4V=#i`n=OOk}&RxAVN|x*vy;dmhw4j&gGhgN6RYOo1})?=vrVxLI0IG znR3&OwDSue0~v}o4kOEf4VeKHwoC;dfufS$@C{c^Jfn6R`AW!SumT6}PShAlL;4*! z#8xem5$0LrC9>A#kmfJKAAQ*$#zx5tY(d2dpZ&2dVx_~3h2ALlmukob<-96ZxeqKJfuZp0)?e*@YD7x8|n zITIoJBmumtvwq)tQm}n$%a^RM{TGxFk@H5dLF8S}>`hYwx8&q^XzCd8J3RL8QuASgy?7wB;%}L=s_x+TLwI6QO5& z54~qPfEg7;PHKCdoMj6#>_0rRH*E|#vadT?bFQZ+&D%N#%!Ca{;R+P>!6KYhU6^)- z*na&6DXz5DZe1o{rXJ9R6WBsluHmE0OR6h%?a+2ZUrzZm4yMJF{Ow+TcT0;2K|rX| zx(8HISD(VfQ)b8Spkgz6s6ql$`BTiKy@gT=ipK#ap-??Z*Q-TgAcg)SSf+Fph60J8 zo{L0_i9t$08gp>Tvr5iB_E6+?T}U_;lS{8DA=CV>C;}SSK))S zvM;v)vNw&KL1DsiDd3HF05So1M9LcMqM|7f;Zo4ZjV?p105orl)HE_r6-fRRCIWFW z>1>YG@-aw(^>d!=%P?l=Y`XpBws<-ylvK!8fM^ZF@1aWF){Bs;}0X9&A zI!~bq(8}Vc13hI%jjZ(GV)!E_^?CAXo7P# z>WNKZCwG~;_ji#V1Xo1B5k|1n3HqugeoL5TTm=G-Y%Ht@z&KocMv{@cHir_PbHD8S`{B(ynEKTc9*P999NA%u`8;7NOj_J&-?ct$|5Lp~z_ z)=N>$@hC!J0S9wjNl{Rd#&x}9Xf{zPaw9Q3B|n_a5skWs z6eCj<7T%R+fTtwMDZ4zTrU_V9?LB4Qj7J$)8NU>!F{FAJVSUH+_m6Mn=A+}7>)j=6 zGWkefSZ*!UOP%U=mQQT1?XMR>3i0z%+*TbD%3h^bRu*W)Ji77Y?)LK~gP6DfZr zJ-vR&k&!Jzy3(>^QxhIFFQN0ECXLdfvW<_)*R@D;GO7UpQWw?lQvi1WWN& znq~Ax7K>^j@kSBx5{nLx+LzqH);hc^yJo45n`-vJQzx%a)ZbV)HwuN)@>|4g zI=d(7<_Jy-RZVj#H%E%FWhaAQ+$-p0q|KQdGt?HWYjEtS7s`1;*K3}oN}rH|n{_K` z7^Hco(haaL%D`Vz0@0U{)U~?OAg5WNOSWmbsrz-GcY5FQ*7etiNmngqjJR;0s_Rb z$8q?NfnskM_Hkph@Pw_1Oqw`Qzs@zRSLxzSDb`eG&bgOsb2k@O3*$ zym&OR+!P&NSUb|jie^Uv%K-w6Y6RnEu)A$DZnKiWxb}U7dX1^T-XI!2cT6fW_-J5h z>C{BZgWDfnM8l-8^3UFD40gWd7!|cHbB$@8XJQt&KRR8=SFZii0gYg`%Y%n zA?~iIln(bH0zAhd$LAQeVWQ!4Rl3OCjT<`4@5whP!_|dAZpNTO;G}|_CZ`_=9KbG4 zF*7P@LV?Joj(ykb&RhE1OML-P-QkJfY}{O3(L{mAMc6FKnuh%kZ5BfhAx-J(k_0B^ zIo=E&ZvQI!AH2sC{L^lDS3P!1z*|f$`(@Wi$)(4BUJkTJJQ82g1;fZrX26_hjA@K{ z4Bn+CB?X?)yfg>(0R{67Fk2IE!}&GJzYaOG2$Wz>2irR0OdjO%2#sI`^Fh;m 
zv@b8dO97u=9^ESb8s51TTx}UHc_Cju?6K4;Zl!*zMe*X8$M>QlQ#@60Bj*kf!njKV z_`oHYO0%9AvxdPBekzfu}j? z!T%2m#O37WBxC#cBXcA}{10GbuAv+@0l{+}Q(A2-+kaO~_H?Ef%fXXE}y zE;|P=@Bieo@p7>LL&wX(`ENh)|I-yO56?e^Jivbx26C}+{7(^fHcoEfKRMt(bv(fT vYdFdOjLy!+%l5xrv$OH>{=<-+i}RlxH&1d5n<5fB4?7x3 diff --git a/tls/understand-tls/typicalhand.svg b/tls/understand-tls/typicalhand.svg index c83776f..e4b8072 100644 --- a/tls/understand-tls/typicalhand.svg +++ b/tls/understand-tls/typicalhand.svg @@ -9,15 +9,30 @@ xmlns="http://www.w3.org/2000/svg" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" - width="106.56992mm" + width="124.3082mm" height="72.475975mm" - viewBox="0 0 377.60994 256.80463" + viewBox="0 0 440.46211 256.80463" id="svg2" version="1.1" - inkscape:version="0.91 r13725" + inkscape:version="0.92.2 (5c3e80d, 2017-08-06)" sodipodi:docname="typicalhand.svg"> + + + + inkscape:isstock="true" + inkscape:collect="always"> @@ -43,8 +59,8 @@ inkscape:isstock="true"> @@ -58,8 +74,8 @@ inkscape:isstock="true"> @@ -73,8 +89,8 @@ inkscape:isstock="true"> @@ -88,8 +104,8 @@ inkscape:isstock="true"> @@ -103,8 +119,8 @@ inkscape:isstock="true"> 
@@ -138,6 +154,21 @@ d="M 8.7185878,4.0337352 -2.2072895,0.01601326 8.7185884,-4.0017078 c -1.7454984,2.3720609 -1.7354408,5.6174519 -6e-7,8.035443 z" transform="matrix(-1.1,0,0,-1.1,-1.1,0)" /> + + + Client + y="71.469208" + style="font-size:13.75px;line-height:1.25">Client Server + y="69.953979" + style="font-size:13.75px;line-height:1.25">Server ClientHello + y="121.00156" + style="font-size:13.75px;line-height:1.25">ClientHello ServerHello + y="143.80527" + style="font-size:13.75px;line-height:1.25">ServerHello Certificate + y="163.25067" + style="font-size:13.75px;line-height:1.25">Certificate ServerHelloDone + y="182.69614" + style="font-size:13.75px;line-height:1.25">ServerHelloDone ClientKeyExchange + y="202.64667" + style="font-size:13.75px;line-height:1.25">ClientKeyExchange [ChangeCipherSpec] + y="222.43594" + style="font-size:13.75px;line-height:1.25">[ChangeCipherSpec] Finished + y="243.55783" + style="font-size:13.75px;line-height:1.25">Finished [ChangeCipherSpec] + y="265.06921" + style="font-size:13.75px;line-height:1.25">[ChangeCipherSpec] Finished + y="286.1911" + style="font-size:13.75px;line-height:1.25">Finished ApplicationData + y="309.97537" + style="font-size:13.75px;line-height:1.25">ApplicationData ApplicationData + id="tspan5695-1" + style="font-size:13.75px;line-height:1.25">ApplicationData - + + Time + diff --git a/tls/understand-tls/understand-tls.tex b/tls/understand-tls/understand-tls.tex index 7bba3d0..9afcc0a 100644 --- a/tls/understand-tls/understand-tls.tex +++ b/tls/understand-tls/understand-tls.tex 
@@ -6,7 +6,7 @@ \chapter{Understanding SSL/TLS} to SSL/TLS. The standards are published in the form of documents known as RFCs. The most significant of these from our perspective are RFC6101 (SSL3.0), RFC2246 (TLS1.0), RFC4346 (TLS1.1), RFC5246 (TLS1.2) and RFCXXX (TLS1.3)} and -was renamed to TLS (Transport Layer Security). +was renamed to TLS (Transport Layer Security) in 1999. The purpose of SSL/TLS is to secure the communications between two parties. The initiating party is known as the ``client'' and the responding party is known @@ -313,8 +313,9 @@ \section{Key Updates and Renegotiation} using previously saved session information (such as from the original handshake). -There have been historic security issues with renegotiation, and for that -reason, a renegotiation handshake is not allowed in TLS 1.3. Note that a -renegotiation handshake has another use besides updating keys. It can also -be used to force a client authentication. In TLS 1.3 this can be achieved by -sending a post-handshake CertificateRequest message. +There have been historic security issues with renegotiation\footnote{For example +see the description of the attack in RFC5746} and, for that reason, a +renegotiation handshake is not allowed in TLS 1.3. Note that a renegotiation +handshake has another use besides updating keys. It can also be used to force a +client authentication. In TLS 1.3 this can be achieved by sending a +post-handshake CertificateRequest message.